Method for providing virtual private network services between autonomous systems
Abstract
The present invention relates to providing virtual private network (VPN) services between two or more autonomous systems (AS). An aggregation edge router (ASBR) is provided in two or more autonomous systems (ASx, ASy). The aggregation edge routers are configured such that routing peering between the two or more autonomous systems is done between the aggregation edge routers in these autonomous systems. Each aggregation edge router is a routing peer of other edge routers (PE) in its own autonomous system. The Multi-Protocol Label Switching (MPLS) network is used between the different autonomous systems.
14 Claims
1. A method for providing virtual private network (VPN) services between two or more autonomous systems, comprising:
providing an aggregation edge router in each of said two or more autonomous systems;
configuring a first aggregation edge router in a first autonomous system to be a routing peer of at least two ingress edge routers of packets, the first autonomous system being an autonomous system of the packets' ingress edge routers, such that first packet switched tunnels are established between the at least two ingress edge routers and the first aggregation edge router;
configuring the first aggregation edge router to be a routing peer of a second aggregation edge router in a second autonomous system, the second autonomous system being an autonomous system of at least two egress edge routers of the packets, such that a second packet switched tunnel is established between the aggregation edge routers;
configuring the second aggregation edge router to be a routing peer of the packets' egress edge router in the second autonomous system such that third packet switched tunnels are established between the at least two egress routers and the second aggregation edge router;
receiving, by the second aggregation edge router, a virtual private network-internet protocol (VPN-IP) route from the first aggregation edge router;
importing, by the second aggregation edge router, the received VPN-IP route into at least one appropriate VPN Routing and Forwarding table (VRF);
replacing, by the second aggregation edge router, associated route attributes of the received VPN-IP route by those configured to the at least one appropriate VRF in the second aggregation edge router, the route attributes including a route distinguisher (RD) and a route target (RT) of the VPN-IP route;
setting, by the second aggregation edge router, a next hop attribute for the address to the second aggregation edge router; and
re-advertising, by the second aggregation edge router, the received VPN-IP route so modified by the replacing and setting, to the packet's egress edge router;
wherein no end-to-end tunnel between the ingress edge router and the egress edge router of each of the packets is established for the virtual private network services.
Dependent claims: 2, 3, 4, 5, 6
7. An edge router for providing virtual private network (VPN) services in an autonomous system, wherein said edge router is an aggregation edge router, comprising:
means for establishing first packet switched tunnels between the aggregation edge router and each of at least two edge routers in an own autonomous system of the aggregation edge router, said first packet switched tunnels terminating at the aggregation edge router and the at least one other edge router;
means for establishing a second packet switched tunnel between the aggregation edge router and a second aggregation edge router in another autonomous system of the aggregation edge router, said second packet switched tunnel terminating at the aggregation edge router and the second aggregation edge router;
means for receiving a virtual private network-internet protocol (VPN-IP) route from the second aggregation edge router of the ingress edge router of a packet;
means for importing the received VPN-IP route into at least one appropriate VPN Routing and Forwarding table (VRF);
means for replacing associated route attributes of the received VPN-IP route by those configured to the at least one appropriate VRF in the aggregation edge router, the route attributes including a route distinguisher (RD) and a route target (RT) of the VPN-IP route;
means for setting a next hop attribute for an address to the aggregation edge router; and
means for re-advertising the received VPN-IP route, so modified by the means for replacing and means for setting, to the packet's egress edge router located in the own autonomous system;
wherein said first packet switched tunnels, and said second packet-switched tunnel are separate tunnels and no end-to-end tunnel passing via the aggregation edge router is established for the virtual private network services.
Dependent claims: 8, 9, 10, 11, 12, 13
14. An autonomous system configured to provide virtual private network services between different autonomous systems, the autonomous system comprising:
at least two edge routers configured to be one of an ingress edge router of a packet and an egress edge router of the packet;
a first aggregation edge router provided with reachability information to the edge routers and reachability information to a second aggregation edge router in another autonomous system;
wherein the edge routers are provided with reachability information only to the first aggregation edge router;
wherein the edge router and the first aggregation edge router are configured to be routing peers so that tunnels terminating to the first aggregation edge router are established between the edge router and the first aggregation edge router,
wherein the first aggregation edge router is further configured to be a routing peer with the second aggregation edge router so that a further tunnel terminating to the first aggregation edge router is established between the first aggregation edge router and the second aggregation edge router;
wherein the second aggregation edge router is further configured to:
receive a virtual private network-internet protocol (VPN-IP) route from the first aggregation edge router;
import the received VPN-IP route into at least one appropriate VPN Routing and Forwarding table (VRF);
replace associated route attributes of the received VPN-IP route by those configured to the at least one appropriate VRF in the second aggregation edge router, the route attributes including a route distinguisher (RD) and a route target (RT) of the VPN-IP route;
set a next hop attribute for an address to the second aggregation edge router; and
re-advertise the received VPN-IP route so modified by the replacing and setting, to the packet's egress edge router; and
wherein no end-to-end tunnel passing via said first aggregation edge router to the edge routers is established for the virtual private network services.
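The receive, import, replace, set-next-hop and re-advertise steps recited in claims 1, 7 and 14 can be modelled as follows. This is an added illustration, not code from the patent or any router implementation. It assumes that an "appropriate" VRF is one whose configured accept list (the hypothetical accept_rts field) contains a route target carried by the received route; all class names, AS numbers, addresses and prefixes are constructed for the example.

```python
from dataclasses import dataclass, field, replace

@dataclass(frozen=True)
class VpnIpRoute:
    rd: str             # route distinguisher (RD)
    prefix: str         # customer IP prefix
    rts: frozenset      # route targets (RT)
    next_hop: str

@dataclass
class Vrf:
    name: str
    rd: str                 # RD configured for this VRF in the local AS
    rts: frozenset          # RTs configured for this VRF in the local AS
    accept_rts: frozenset   # assumption: peer-AS RTs this VRF imports
    table: dict = field(default_factory=dict)   # prefix -> next hop

class AggregationEdgeRouter:
    def __init__(self, address, vrfs):
        self.address = address
        self.vrfs = vrfs
        self.rejected = []      # routes that matched no VRF

    def receive(self, route):
        """Handle one VPN-IP route from the peer aggregation edge router and
        return the modified copies to re-advertise to local egress edge routers."""
        out = []
        for vrf in self.vrfs:
            if not route.rts & vrf.accept_rts:
                continue                                # not an appropriate VRF
            vrf.table[route.prefix] = route.next_hop    # import into the VRF
            out.append(replace(route, rd=vrf.rd, rts=vrf.rts,   # replace RD and RT
                               next_hop=self.address))          # next hop = this router
        if not out:
            self.rejected.append(route)     # nothing imported, nothing re-advertised
        return out

# Constructed sample data: private AS numbers and documentation addresses.
def build_router():
    return AggregationEdgeRouter("192.0.2.2", [
        Vrf("cust-a", "64513:1", frozenset({"64513:100"}), frozenset({"64512:100"})),
        Vrf("cust-b", "64513:2", frozenset({"64513:200"}), frozenset({"64512:200"})),
    ])

if __name__ == "__main__":
    asbr = build_router()
    ok = VpnIpRoute("64512:1", "10.1.0.0/16", frozenset({"64512:100"}), "192.0.2.1")
    stray = VpnIpRoute("64512:9", "10.9.0.0/16", frozenset({"64512:999"}), "192.0.2.1")
    print(asbr.receive(ok))
    print(asbr.receive(stray), asbr.rejected)
```

The re-advertised route carries only the second autonomous system's RD, RT and next hop, and a route whose RT matches no VRF is neither installed nor passed on, which is the property to check when auditing VPN separation at the AS boundary.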
Specification